Manual route on client permits to see other hosts?
Posted: Thu Mar 29, 2012 9:14 am
Here is the thing I suddenly found:
- I set up a Linux-based router for the network; the LAN is 10.10.10.0/24
- I set up an OpenVPN server on this router; the client network is 10.10.20.0/24.
OpenVPN clients should only see some hosts on the LAN: say, client1 should see 10.10.10.18 only, while client2 should be able to see 10.10.10.8/29. So I put that setting in the server's per-user files. And it works pretty well.
But then "too wise" client1 managed to cheat by executing some kind of 'route add 10.10.10.0/24 10.10.20.1' command on his computer. And it worked for him!
In such a setup, it would be messy to manually maintain per-user firewall rules on the router (sure, I can assign static IPs to client1 and client2 and then filter their traffic). Is there any more automatic way to accomplish that?
Thank you in advance!
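
Routes pushed from per-user files only populate the client's routing table; the router still forwards whatever arrives on the VPN interface, which is why the manual `route add` worked. The sketch below is an added example (not part of the original post) that derives per-client `iptables` rules from the same per-user file, so pushed routes and enforced access cannot drift apart. The `tun0` interface, the `vpn_*` chain names, the client address and the sample file contents are assumptions.

```shell
#!/bin/sh
# emit_rules CLIENT_VPN_IP < per_user_file
# Prints (does not run) iptables commands that let this client reach only
# the destinations its per-user file pushes; everything else is dropped.
# In an OpenVPN client-connect hook the address would come from
# $ifconfig_pool_remote_ip and the file name from $common_name.
emit_rules() {
    client_ip=$1
    # Assumed naming scheme: one chain per client address, e.g. vpn_10_10_20_10
    chain="vpn_$(echo "$client_ip" | tr . _)"
    echo "iptables -N $chain"
    # Only lines of the form: push "route NET [MASK]" are of interest;
    # the "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r kw arg net mask rest || [ -n "$kw" ]; do
        [ "$kw" = "push" ] && [ "$arg" = '"route' ] || continue
        net=${net%\"}      # strip closing quote when no mask was given
        mask=${mask%\"}    # strip closing quote after the mask
        # OpenVPN treats a route without a netmask as a host route
        [ -n "$mask" ] || mask=255.255.255.255
        echo "iptables -A $chain -d $net/$mask -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
    # Assumed VPN interface name: tun0
    echo "iptables -I FORWARD -i tun0 -s $client_ip -j $chain"
}

# Constructed sample: a per-user file for client2 from the post, with an
# assumed static address assigned via ifconfig-push.
sample_ccd='ifconfig-push 10.10.20.10 10.10.20.9
push "route 10.10.10.8 255.255.255.248"'

printf '%s\n' "$sample_ccd" | emit_rules 10.10.20.10
```

A matching disconnect hook should remove the `FORWARD` jump and delete the chain so stale rules do not apply to whoever receives the address next.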